US20230153036A1 - Data management apparatus and data management method - Google Patents

Publication number
US20230153036A1
US20230153036A1 US17/972,977 US202217972977A US2023153036A1 US 20230153036 A1 US20230153036 A1 US 20230153036A1 US 202217972977 A US202217972977 A US 202217972977A US 2023153036 A1 US2023153036 A1 US 2023153036A1
Authority
US
United States
Prior art keywords
record
time stamp
distributed ledger
stamp token
controller
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
US17/972,977
Other languages
English (en)
Inventor
Naoki YAMAMURO
Wataru FUKATSU
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Toyota Motor Corp
Scalar Inc
Original Assignee
Toyota Motor Corp
Scalar Inc
Application filed by Toyota Motor Corp, Scalar Inc
Assigned to SCALAR, INC., TOYOTA JIDOSHA KABUSHIKI KAISHA. Assignment of assignors interest (see document for details). Assignors: FUKATSU, WATARU; YAMAMURO, NAOKI

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00: Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06: Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601: Interfaces specially adapted for storage systems
    • G06F3/0668: Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/067: Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00: Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06: Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601: Interfaces specially adapted for storage systems
    • G06F3/0602: Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/0604: Improving or facilitating administration, e.g. storage management
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00: Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06: Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601: Interfaces specially adapted for storage systems
    • G06F3/0628: Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0655: Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices

Definitions

  • The present disclosure relates to a data management apparatus and a data management method for managing data based on a distributed ledger technology.
  • The time stamp token has an expiration date. Therefore, a technique to prove existence and integrity beyond the expiration date of the time stamp token has been studied.
  • Japanese Patent Laying-Open No. 2014-42214 discloses a data proof system that performs processing for extending an expiration date of a long-term signature with the use of a time stamping technology.
  • This data proof system creates an ESR table in which original document proof information (ES-A) that proves non-tampering of a plurality of original files is summarized and performs processing for extending the expiration date of the ESR table. Processing load is thus lower than in an example where processing for extending the expiration date is performed for each ES-A (see Japanese Patent Laying-Open No. 2014-42214).
  • The present disclosure was made to solve problems above, and an object of the present disclosure is to enable proof of validity of a time stamp token beyond an expiration date and to improve tamper resistance of the time stamp token.
  • A data management apparatus is a data management apparatus that manages data based on a distributed ledger technology.
  • The data management apparatus includes a storage device where a distributed ledger is stored, a controller that updates the distributed ledger, and a communication apparatus configured to communicate with a time stamp authority that provides a time stamp token.
  • The distributed ledger includes a first distributed ledger where a record including information on the data is stored in a time-series manner and a second distributed ledger where a record including the time stamp token obtained from the time stamp authority is stored in a time-series manner.
  • The controller obtains a first time stamp token which is a time stamp token for information on a terminal record in the first distributed ledger from the time stamp authority through the communication apparatus and causes a record including the first time stamp token to be stored in the second distributed ledger.
  • The first time stamp token obtained for the information on the terminal record in the first distributed ledger is managed in the second distributed ledger.
  • To tamper with the first time stamp token, all records subsequent to the record including the time stamp token would have to be tampered with, and it is therefore difficult to tamper with the first time stamp token.
  • Even when a certain first time stamp token stored in the second distributed ledger expires, the fact that the first time stamp token that had expired has not been tampered can be proven by the records subsequent to the record including the first time stamp token. Therefore, even when the first time stamp token expires, validity thereof can be proven.
  • The information on the terminal record in the first distributed ledger is a hash value of the terminal record.
  • The time stamp token is obtained for the hash value of the terminal record stored in the first distributed ledger.
  • Since the record itself stored in the first distributed ledger is not sent to the time stamp authority, the record itself can be concealed at the time when the time stamp token is obtained.
  • The first time stamp token is obtained in accordance with an operation by a user onto the data management apparatus.
  • The user can obtain the first time stamp token and have the first time stamp token stored in the second distributed ledger at any timing.
  • When a record is added to the first distributed ledger, the controller obtains the first time stamp token for that record.
  • The first time stamp token can automatically be obtained and stored in the second distributed ledger.
  • The controller obtains from the time stamp authority through the communication apparatus, a second time stamp token which is a time stamp token for information on a terminal record in the second distributed ledger and causes a record including the second time stamp token to be stored in the second distributed ledger.
  • The controller obtains the second time stamp token in accordance with an operation by a user onto the data management apparatus.
  • The user can obtain the second time stamp token and have the second time stamp token stored in the second distributed ledger at any timing.
  • The controller obtains the second time stamp token as a prescribed time period elapses from a time point of previous obtainment of the second time stamp token.
  • The second time stamp token can automatically be obtained and stored in the second distributed ledger.
  • The communication apparatus is further configured to communicate with an external server different from the data management apparatus.
  • The controller transmits to the external server through the communication apparatus, information on a terminal record in the second distributed ledger at a prescribed time point.
  • Information on the terminal record in the second distributed ledger is separated from the data management apparatus and managed also in the external server.
  • To tamper with the time stamp token (the first time stamp token and/or the second time stamp token) managed in the second distributed ledger, both the time stamp token managed in the data management apparatus and the information on the terminal record managed in the external server would have to be tampered with. Tamper resistance of the time stamp token can thus be enhanced.
  • The information on the terminal record in the second distributed ledger is a hash value of the terminal record.
  • The time stamp token is obtained for the hash value of the terminal record stored in the second distributed ledger.
  • Since the record itself stored in the second distributed ledger is not sent to the time stamp authority, the record itself can be concealed at the time when the time stamp token is obtained.
  • A data management method is a data management method by using a data management apparatus that manages data based on a distributed ledger technology.
  • The data management apparatus includes a storage device where a distributed ledger is stored, a controller that updates the distributed ledger, and a communication apparatus configured to communicate with a time stamp authority that provides a time stamp token.
  • The distributed ledger includes a first distributed ledger where a record including information on the data is stored in a time-series manner and a second distributed ledger where a record including the time stamp token obtained from the time stamp authority is stored in a time-series manner.
  • The data management method includes obtaining from the time stamp authority through the communication apparatus, a first time stamp token which is a time stamp token for information on a terminal record in the first distributed ledger and storing a record including the first time stamp token in the second distributed ledger.
  • FIG. 1 is a diagram showing a schematic configuration of a data management system according to a first embodiment.
  • FIG. 2 is a diagram showing an exemplary configuration of a distributed ledger set.
  • FIG. 3 is a diagram for illustrating update of a distributed ledger set.
  • FIG. 4 is a functional block diagram of a controller for performing processing for responding to a first operation.
  • FIG. 5 is a functional block diagram of the controller for performing processing for responding to a second operation.
  • FIG. 6 is a functional block diagram of the controller for performing processing for responding to a third operation.
  • FIG. 7 is a functional block diagram of the controller for performing processing for responding to a fourth operation.
  • FIG. 8 is a functional block diagram of the controller for executing received transaction data.
  • FIG. 9 is a flowchart showing a procedure in processing for generating transaction data at the time when a first request is received.
  • FIG. 10 is a flowchart showing a procedure in processing for generating transaction data at the time when a second request is received.
  • FIG. 11 is a flowchart showing a procedure in processing for generating transaction data at the time when a third request is received.
  • FIG. 12 is a flowchart showing a procedure in processing at the time when a fourth request is received.
  • FIG. 13 is a flowchart showing a procedure in processing performed at the time when transaction data is received.
  • FIG. 14 is a diagram showing a schematic configuration of a data management system according to a second embodiment.
  • FIG. 15 is a diagram showing an exemplary configuration of a ledger set.
  • FIG. 16 is a diagram for illustrating an exemplary configuration of a suspension table.
  • FIG. 17 is a diagram for illustrating an exemplary configuration of a commit table.
  • FIG. 18 is a flowchart showing a procedure in processing performed in the data management system at the time when an update request is received.
  • FIG. 19 is a flowchart showing a procedure in processing at the time when a fourth request is received in the second embodiment.
  • FIG. 1 is a diagram showing a schematic configuration of a data management system 1 according to a first embodiment.
  • Data management system 1 according to the first embodiment is a system that forms a consortium network (which will also simply be referred to as a “network” below) NW among a plurality of companies and manages data based on a distributed ledger technology.
  • Data management system 1 according to the first embodiment manages data on components (which will also simply be referred to as “component data” below) that compose a vehicle.
  • The component data may be, for example, a specification of a component.
  • Data managed by data management system 1 is not limited to data on components that compose a vehicle but various types of data may be applicable.
  • Data management system 1 includes four client servers 2, a platform server 5, a time stamp authority (TSA) 8, and an external server 9.
  • Client servers 2 belong to different companies (for example, an A company, a B company, a C company, and a D company).
  • Platform server 5 manages network NW.
  • Platform server 5 accepts an application for participation in network NW from each client server 2.
  • Platform server 5 permits participation of client server 2 into network NW based on an operation to permit participation performed by a manager of platform server 5 or based on a result of determination as to a prescribed condition.
  • Participation into network NW of four client servers 2 belonging to the A company, the B company, the C company, and the D company, respectively, is permitted.
  • Client servers 2 form network NW, and a hash value of component data is stored in a distributed ledger of each of them.
  • Software based on the distributed ledger has been introduced in each of client servers 2, and as the introduced software based on the distributed ledger functions, each of client servers 2 functions as a node.
  • Client server 2 of the A company will representatively be described below; client servers 2 of the B company, the C company, and the D company are also similar in configuration and function.
  • Client server 2 corresponds to an exemplary “data management apparatus” according to the present disclosure. Though an example where four client servers are included in network NW in data management system 1 according to the first embodiment is described, any number of client servers 2 such as fewer than four client servers or five or more client servers may be included in network NW.
  • Client server 2 is configured to communicate with a user terminal apparatus 7.
  • User terminal apparatus 7 is, for example, a desk-top personal computer (PC), a notebook PC, a tablet terminal, a smartphone, or another information processing terminal with a communication function lent to an employee of the A company.
  • A database 4 is connected to client server 2.
  • Component data is stored in database 4.
  • Component data is registered or updated in database 4 in accordance with a control signal from client server 2.
  • A user (for example, the employee of the A company) of client server 2 can request update of component data by performing an operation onto an input apparatus 25 (which will be described later) of client server 2 or by performing an operation onto user terminal apparatus 7.
  • Client server 2 (a controller 21) generates a control signal for storing (registering/updating) component data in response to an input to input apparatus 25 or a request from user terminal apparatus 7 and outputs the control signal to database 4.
  • As client server 2 has component data stored (registered/updated) in database 4, it generates a hash value of the component data and generates transaction data for storing the hash value in the distributed ledger. Then, client server 2 transmits the generated transaction data to another client server 2 that forms network NW, that is, client servers 2 of the B company, the C company, and the D company.
  • In the distributed ledger, a hash value of the component data is stored in a time-series manner, and the distributed ledger forms a proof chain for proving existence of the component data.
  • Time stamp authority 8 includes a server belonging to an authentication organization that issues a time stamp token.
  • The time stamp authority issues a time stamp token in response to a time stamp issuance request from an applicant (client server 2 in the first embodiment). More specifically, the time stamp authority transmits to the applicant, a time stamp token in which data (a record hash value which will be described later in the first embodiment) received from the applicant is linked to time information based on a time source with followability to international standard time.
  • External server 9 is a server managed by a management entity which is none of the A company, the B company, the C company, and the D company. External server 9 is configured to communicate with client server 2. External server 9 receives a client certificate which will be described later from client server 2 and manages the received client certificate.
  • Client server 2 includes controller 21, a read only memory (ROM) 22, a random access memory (RAM) 23, a communication apparatus 24, an input apparatus 25, a display apparatus 26, and a storage device 27.
  • Controller 21, ROM 22, RAM 23, communication apparatus 24, input apparatus 25, display apparatus 26, and storage device 27 are connected to a bus 29.
  • Controller 21 is implemented, for example, by an integrated circuit including a central processing unit (CPU). Controller 21 develops various programs stored in ROM 22 on RAM 23 and executes the programs. The various programs include an operating system and the like. RAM 23 functions as a working memory, and various types of data necessary for execution of various programs are temporarily stored therein. Though detailed description will be given later, controller 21 performs functions to update component data recorded in database 4, to generate transaction data for updating a distributed ledger, and to obtain a time stamp token.
  • Communication apparatus 24 is configured to communicate with external equipment.
  • The external equipment includes, for example, another client server 2, user terminal apparatus 7, time stamp authority 8, external server 9, and the like. Communication between communication apparatus 24 and the external equipment is established over the Internet, a wide area network (WAN), a local area network (LAN), an Ethernet® network, a public network, a private network, a wired network or a wireless network, or the like, or combination thereof.
  • Input apparatus 25 includes an input device.
  • The input device is implemented, for example, by a mouse, a keyboard, a touch panel, and/or another apparatus capable of accepting an operation by a user.
  • Display apparatus 26 includes a display.
  • Display apparatus 26 has a display show various images in accordance with a control signal from controller 21.
  • The display is implemented, for example, by a liquid crystal display, an organic electro luminescence (EL) display, or other display equipment.
  • Storage device 27 includes, for example, a storage medium such as a hard disk or a flash memory.
  • A secret key 271, a plurality of public keys 272, and a distributed ledger set 50 are stored in storage device 27.
  • Secret key 271 is a secret key of the A company.
  • In participation of client server 2 into network NW for the first time, controller 21 generates a secret key and a public key. Then, controller 21 transmits the generated public key to an authentication bureau (not shown) to have the public key authenticated.
  • The authentication bureau is an authentication organization that issues an electronic certificate. The authentication bureau issues an electronic certificate including information on the public key.
  • Controller 21 has secret key 271 corresponding to the authenticated public key stored in storage device 27. Controller 21 transmits authenticated public key (electronic certificate) 272 to client servers 2 of the B company, the C company, and the D company.
  • The plurality of public keys 272 include the public key of the B company, the public key of the C company, and the public key of the D company. Controller 21 has the public keys received from other client servers 2 stored in storage device 27. The public key of the A company itself may be stored in storage device 27.
  • Distributed ledger set 50 includes a plurality of distributed ledgers.
  • FIG. 2 is a diagram showing an exemplary configuration of distributed ledger set 50 .
  • A component the data of which is managed with the use of the distributed ledger will also be referred to as a “target component” below.
  • Component data of the target component will also be referred to as “target data.”
  • Distributed ledger set 50 includes two distributed ledgers 51 and 52 .
  • Distributed ledger 51 functions as a proof chain (which will also be referred to as a “first proof chain” below) of target data, where a state of update of the target data is stored in a time-series manner.
  • Distributed ledger 52 functions as a proof chain (which will also be referred to as a “second proof chain” below) of a time stamp token, where a time stamp token is stored in a time-series manner.
  • A record including a hash value of the target data is stored in a time-series manner in distributed ledger 51.
  • The record includes such information as “Key”, “Age”, “Obj-HV”, “Nonce”, “Sig”, “Prev-HV”, and “HV”.
  • Key represents information indicating an ID of the target component.
  • An ID k1 is allocated to the target component.
  • Key can also be defined as an ID for identifying distributed ledger 51 or 52.
  • A record including Key set to k1 is stored in a time-series manner in distributed ledger 51 and a record including Key set to k2 is stored in a time-series manner in distributed ledger 52.
  • Age represents information indicating a generation of a record.
  • Age is set to 0.
  • Age is incremented.
  • Obj-HV represents a hash value of the target data.
  • The hash value of the updated target data is generated and defined as Obj-HV.
  • The hash value is a numeric value obtained as a result of hashing of the target data with a hash function.
  • Nonce represents a nonce value indicating a number of transaction data.
  • The nonce value is generated by client server 2 (controller 21), for example, at the time of update of the target data stored in database 4, as a number of processing for storing a hash value of the updated target data in distributed ledger 51.
  • The nonce value refers to a hash value that is less likely to cryptographically cause collision.
  • Sig represents an electronic signature created with secret key 271 of client server 2 that has issued transaction data.
  • The electronic signature is created, for example, by encrypting Obj-HV (that is, the hash value of the target data) with secret key 271.
  • The electronic signature may be created, for example, by encryption of Nonce (nonce value) with secret key 271.
  • Prev-HV represents a hash value of a record (a parent record) in a generation immediately preceding the latest (terminal) record.
  • Prev-HV represents HV of the parent record.
  • HV represents a hash value of a record. Specifically, HV represents a hash value (which will also be referred to as a “record hash value” below) of information (Key, Age, Obj-HV, Nonce, Sig, and Prev-HV) on a record except for HV.
  • Prev-HV of the terminal record is set to “H2” which is HV of the parent record (Age “1”).
  • Prev-HV of the record of Age “3” is set to “H3” which is HV of the record of Age “2”.
  • The terminal record thus has such a structure as including a record hash value of the parent record. In other words, a chain of records is realized between Prev-HV of the terminal record and HV of the parent record.
  • Distributed ledger 51 is thus in a directed acyclic graph (DAG) structure.
  • A record including a time stamp token is stored in a time-series manner in distributed ledger 52.
  • The record includes such information as “Key”, “Age”, “Obj-HV”, “Nonce”, “Sig”, “Prev-HV”, and “HV”. Since details of such information as “Age”, “Nonce”, “Sig”, “Prev-HV”, and “HV” are similar to those of the record in distributed ledger 51, description will not be repeated.
  • Key represents information indicating an ID of a time stamp token obtained from time stamp authority 8.
  • An ID k2 is allocated to the time stamp token.
  • Obj-HV represents a value of a time stamp token.
  • A time stamp token obtained for a record hash value in distributed ledger 51 or a time stamp token obtained for a record hash value in distributed ledger 52 is stored as Obj-HV.
  • Controller 21 of client server 2 performs a function to respond to first to fourth operations which will be described below.
  • A user of client server 2 can perform onto input apparatus 25 or user terminal apparatus 7, an operation to register target data in database 4 or an operation to update target data registered in database 4.
  • The operation to register the target data and the operation to update the target data will also collectively be referred to as a “first operation” below.
  • Input apparatus 25 or user terminal apparatus 7 outputs a first request indicating that the first operation has been performed.
  • Client server 2 has the target data registered in database 4 or updates the target data stored in database 4.
  • Client server 2 generates transaction data for adding the record including the hash value of the registered or updated target data to distributed ledger 51.
  • This transaction data includes such information as “Key”, “Age”, “Obj-HV”, “Nonce”, “Sig”, “Prev-HV”, and “HV”.
  • The transaction data may further include time information on time at which transaction data is broadcast toward network NW (transmitted to network NW) and sender information on a sender of the transaction data.
  • The time information may be, for example, information indicating time at which target data is recorded in database 4.
  • The sender information is, for example, information indicating the A company.
  • The sender information of the transaction data may be further specific, and it may be information indicating a department (one department of the A company) that has performed an operation to transmit transaction data to network NW or information indicating an individual (an employee of the A company) who has performed the operation to transmit transaction data to network NW.
  • A record including a hash value of the registered or updated target data is added to distributed ledger 51.
  • The user of client server 2 can perform an operation to obtain a time stamp token for a terminal record in distributed ledger 51 (which will also be referred to as a “second operation” below) onto input apparatus 25 or user terminal apparatus 7.
  • Input apparatus 25 or user terminal apparatus 7 outputs a second request indicating that the second operation has been performed.
  • Client server 2 (controller 21) generates a record hash value of the terminal record in distributed ledger 51 and obtains a time stamp token for the record hash value.
  • Client server 2 (controller 21) generates transaction data for adding a record including the time stamp token to distributed ledger 52.
  • This transaction data includes such information as “Key”, “Age”, “Obj-HV”, “Nonce”, “Sig”, “Prev-HV”, and “HV”.
  • The transaction data may include time information and sender information.
  • The record including the time stamp token obtained for the record hash value of the terminal record in distributed ledger 51 is added to distributed ledger 52.
  • Client server 2 may be configured to automatically perform processing for responding to the second request when it senses addition of a new record to distributed ledger 51.
  • When client server 2 senses addition of a new record to distributed ledger 51, it generates a record hash value of the record and obtains a time stamp token for the record hash value. Then, client server 2 (controller 21) generates transaction data for adding the record including the time stamp token to distributed ledger 52.
  • client server 2 can perform an operation to obtain a time stamp token for a terminal record in distributed ledger 52 (which will also be referred to as a “third operation” below) onto input apparatus 25 or user terminal apparatus 7 .
  • input apparatus 25 or user terminal apparatus 7 outputs a third request indicating that the third operation has been performed.
  • client server 2 (controller 21 ) generates a record hash value of a terminal record in distributed ledger 52 and obtains a time stamp token for that record hash value.
  • client server 2 (controller 21 ) generates transaction data for adding a record including the time stamp token to distributed ledger 52 .
  • This transaction data includes such information as “Key”, “Age”, “Obj-HV”, “Nonce”, “Sig”, “Prev-HV”, and “HV”.
  • the transaction data may include time information and sender information.
  • The user of client server 2 can perform, on input apparatus 25 or user terminal apparatus 7, an operation to generate a client certificate (which will also be referred to as a “fourth operation” below).
  • the client certificate refers to data including a record hash value of a terminal record in distributed ledger 52 at a time point when the fourth operation is performed.
  • input apparatus 25 or user terminal apparatus 7 outputs a fourth request indicating that the fourth operation has been performed.
  • client server 2 (controller 21 ) generates a record hash value of a terminal record in distributed ledger 52 and creates a client certificate including the record hash value. Then, client server 2 (controller 21 ) transmits the client certificate to external server 9 through communication apparatus 24 .
  • FIG. 3 is a diagram for illustrating update of distributed ledger set 50 .
  • An upper tier in FIG. 3 schematically shows distributed ledger 51 which is the first proof chain and a lower tier in FIG. 3 schematically shows distributed ledger 52 which is the second proof chain.
  • the hash value of the component data of the target component is stored in a time-series manner in the first proof chain (distributed ledger 51 ).
  • When target data D 0 is first registered in database 4 by an operation to register target data (the first operation), a record RA 0 of Age “0” including the hash value of target data D 0 is stored in distributed ledger 51.
  • When the target data is updated by the operation to update the target data (the first operation) and updated target data D 1 is registered in database 4, a record RA 1 of Age “1” including the hash value of updated target data D 1 and the record hash value of parent record RA 0 of Age “0” is stored in distributed ledger 51.
  • a record RA 2 of Age “2” including the hash value of updated target data D 2 and the record hash value of parent record RA 1 of Age “1” is stored in distributed ledger 51 .
  • records RA 3 and RA 4 including respective hash values of target data D 3 and D 4 are stored in distributed ledger 51 .
  • the time stamp token is stored in a time-series manner in the second proof chain (distributed ledger 52 ).
  • a record hash value RH 1 of record RA 1 is generated.
  • a time stamp token T 0 for record hash value RH 1 is obtained and a record RB 0 of Age “0” including time stamp token T 0 is stored in distributed ledger 52 .
  • a scene in which distributed ledger 51 is updated and a record RA 2 is added to distributed ledger 51 is assumed.
  • a record hash value RH 2 of record RA 2 is generated. Then, a time stamp token T 1 for record hash value RH 2 is obtained, and a record RB 1 of Age “1” including time stamp token T 1 and the record hash value of parent record RB 0 of Age “0” is stored in distributed ledger 52 . As described above, when a record is added to distributed ledger 51 , the time stamp token for the record hash value of the record may automatically be obtained.
  • the user can perform the second operation at any timing. Specifically, though an example in which the second operation is performed each time a record is added to distributed ledger 51 is shown above, the second operation does not have to be performed each time a record is added to distributed ledger 51 .
  • The second operation may be performed every prescribed number of additions of a record to distributed ledger 51, or may be performed after lapse of a first prescribed time period since the second operation was performed previously.
  • the first prescribed time period may be set, for example, in consideration of an expiration date of the time stamp token.
  • a scene in which record RB 1 is the terminal record in distributed ledger 52 is assumed.
  • When the third operation (the operation to obtain the time stamp token for the terminal record in distributed ledger 52) is performed on input apparatus 25 or user terminal apparatus 7 in this scene, a record hash value RH 3 of terminal record RB 1 in distributed ledger 52 is generated. Then, a time stamp token T 2 for record hash value RH 3 is obtained, and a record RB 2 of Age “2” including time stamp token T 2 and the record hash value of parent record RB 1 is stored in distributed ledger 52.
  • The user can perform the third operation at any timing.
  • the time stamp token for the record hash value of the terminal record in distributed ledger 52 may be obtained when a second prescribed time period has elapsed since previous addition of a record to distributed ledger 52 .
  • the second prescribed time period may be set, for example, in consideration of an expiration date of the time stamp token.
  • the second prescribed time period may be set to a time period the same as or different from the first prescribed time period described above.
  • the fourth operation can be performed at any timing. For example, when the fourth operation is performed in the scene where record RB 1 is the terminal record in distributed ledger 52 , a client certificate including a record hash value of terminal record RB 1 in distributed ledger 52 is created. This client certificate may be sent to external server 9 through communication apparatus 24 .
  • As the hash value of the target data is managed by means of distributed ledger 51, tamper resistance of the target data can be enhanced.
  • an expiration date is set for the time stamp token.
  • Existence and integrity of the target data cannot be proven with an expired time stamp token.
  • a time stamp token obtained for a terminal record in distributed ledger 51 is stored in distributed ledger 52 as above.
  • In distributed ledger 52, records are chained with a record hash value of a parent record being included. Therefore, in order to tamper with the expired time stamp token, all time stamp tokens added to distributed ledger 52 after storage of the expired time stamp token would have to be tampered with. As the time stamp token is thus stored in distributed ledger 52, tamper resistance of the time stamp token can be enhanced.
  • Even when time stamp token T 0 stored in record RB 0 expires, subsequent records RB 1 and RB 2 can prove the fact that time stamp token T 0 has not been tampered with. Since validity of time stamp token T 0 can thus be proven, the expiration date of time stamp token T 0 can substantially be extended. In other words, existence and integrity of target data D 1 can be proven with the use of time stamp token T 0.
  • a time stamp token T 2 is obtained for record hash value RH 3 of terminal record RB 1 in distributed ledger 52 at any timing.
  • With time stamp token T 2 for record hash value RH 3 in distributed ledger 52, existence of record RB 1 at the time proven by time stamp token T 2 and the fact that record RB 1 has not been tampered with after the time proven by time stamp token T 2 can be proven.
  • Existence of record RB 1 at the time proven by time stamp token T 2 and the fact that a series of time stamp tokens stored in distributed ledger 52 has not been tampered can thus be proven.
  • Client certificate CP is separated from client server 2 and managed in external server 9 .
  • client certificate CP managed in external server 9 can prove that distributed ledger set 50 has been tampered.
  • the first operation, the second operation, the third operation, and the fourth operation may be operations, for example, performed by the user to select respective request buttons (a first button, a second button, a third button, and a fourth button) shown on the display screen of display apparatus 26 or user terminal apparatus 7 .
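The two proof chains of FIG. 3 and the externally held client certificate can be exercised in a few lines. The following is an added example, not code from the patent: SHA-256, the JSON serialisation, the HMAC-based stand-in for time stamp authority 8, the omission of Sig, and all function names are assumptions made for the sketch.

```python
import copy, hashlib, hmac, json, os

TSA_KEY = b"constructed-demo-tsa-key"  # assumption: stand-in for time stamp authority 8

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def record_hash(rec: dict) -> str:
    # HV over Key, Age, Obj-HV, Nonce and Prev-HV (Sig is left out of this sketch)
    body = {k: rec[k] for k in ("Key", "Age", "Obj-HV", "Nonce", "Prev-HV")}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_record(ledger: list, key: str, obj: str) -> dict:
    parent = ledger[-1] if ledger else None
    rec = {"Key": key, "Age": parent["Age"] + 1 if parent else 0,
           "Obj-HV": obj, "Nonce": os.urandom(8).hex(),
           "Prev-HV": parent["HV"] if parent else ""}
    rec["HV"] = record_hash(rec)
    ledger.append(rec)
    return rec

def tsa_issue(record_hv: str, time: int) -> str:
    # Hypothetical token format "hash|time|tag"; a real authority signs with its own key
    msg = f"{record_hv}|{time}"
    return msg + "|" + hmac.new(TSA_KEY, msg.encode(), hashlib.sha256).hexdigest()

def tsa_verify(token: str, record_hv: str) -> bool:
    parts = token.split("|")
    if len(parts) != 3:
        return False
    hv, time, tag = parts
    expect = hmac.new(TSA_KEY, f"{hv}|{time}".encode(), hashlib.sha256).hexdigest()
    return hv == record_hv and hmac.compare_digest(tag, expect)

def stamp_terminal(source: list, ledger52: list, time: int) -> dict:
    # Second operation when source is ledger 51, third operation when it is ledger 52
    return append_record(ledger52, "k2", tsa_issue(source[-1]["HV"], time))

def client_certificate(ledger52: list) -> dict:
    # Fourth operation: record hash of the terminal record, to be kept off the client
    return {"client": "client-server-2", "record_hv": ledger52[-1]["HV"]}

def first_bad_record(ledger: list) -> int:
    """Index of the first record that breaks the chain, or -1 if none does."""
    prev = ""
    for i, rec in enumerate(ledger):
        if rec["Age"] != i or rec["Prev-HV"] != prev or rec["HV"] != record_hash(rec):
            return i
        prev = rec["HV"]
    return -1

def matches_certificate(ledger52: list, cert: dict) -> bool:
    # Records may have been added since the certificate, so search the whole chain
    return first_bad_record(ledger52) == -1 and any(
        r["HV"] == cert["record_hv"] for r in ledger52)

def rewrite_chain(ledger: list, index: int, new_obj: str) -> list:
    # Test fixture: one record altered and every later HV/Prev-HV recomputed
    forged = copy.deepcopy(ledger)
    forged[index]["Obj-HV"] = new_obj
    prev = forged[index]["Prev-HV"]
    for rec in forged[index:]:
        rec["Prev-HV"] = prev
        rec["HV"] = prev = record_hash(rec)
    return forged

def demo() -> dict:
    l51, l52 = [], []
    for i in (0, 1):                       # RA0 and RA1 (constructed target data)
        append_record(l51, "k1", sha256_hex(f"constructed target data D{i}".encode()))
    stamp_terminal(l51, l52, 1000)         # RB0 holds T0 over RH1
    append_record(l51, "k1", sha256_hex(b"constructed target data D2"))
    stamp_terminal(l51, l52, 2000)         # RB1 holds T1 over RH2
    cert = client_certificate(l52)         # issued while RB1 is the terminal record
    stamp_terminal(l52, l52, 3000)         # RB2 holds T2 over RH3 (hash of RB1)

    edited = copy.deepcopy(l52)
    edited[0]["Obj-HV"] = "altered token"  # T0 changed in place, nothing recomputed
    rewritten = rewrite_chain(l52, 0, "altered token")
    return {
        "intact_first_bad": first_bad_record(l52),
        "t0_covers_ra1": tsa_verify(l52[0]["Obj-HV"], l51[1]["HV"]),
        "t2_covers_rb1": tsa_verify(l52[2]["Obj-HV"], l52[1]["HV"]),
        "cert_ok": matches_certificate(l52, cert),
        "edited_first_bad": first_bad_record(edited),
        "rewritten_first_bad": first_bad_record(rewritten),
        "rewritten_cert_ok": matches_certificate(rewritten, cert),
        "rewritten_t2_covers_rb1": tsa_verify(rewritten[2]["Obj-HV"], rewritten[1]["HV"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A chain that has been rewritten end to end is internally consistent, so only the certificate held by external server 9 and the token T 2 over RB 1 expose the change.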
  • FIG. 4 is a functional block diagram of controller 21 for performing processing for responding to the first operation.
  • controller 21 includes an information obtaining unit 2101 , a hash generator 2102 , a nonce generator 2103 , an electronic signature unit 2104 , a transaction data generator 2105 , and a transaction data transmitter 2106 .
  • Controller 21 functions as information obtaining unit 2101 , hash generator 2102 , nonce generator 2103 , electronic signature unit 2104 , transaction data generator 2105 , and transaction data transmitter 2106 , for example, by executing a program stored in ROM 22 .
  • Information obtaining unit 2101 , hash generator 2102 , nonce generator 2103 , electronic signature unit 2104 , transaction data generator 2105 , and transaction data transmitter 2106 may be implemented, for example, by dedicated hardware (electronic circuitry).
  • As the first operation to register or update the target data is performed on input apparatus 25 or user terminal apparatus 7, input apparatus 25 or user terminal apparatus 7 outputs the first request indicating that the first operation has been performed.
  • Information obtaining unit 2101 obtains the first request from input apparatus 25 or user terminal apparatus 7 .
  • the first request is inputted to information obtaining unit 2101 .
  • the first request includes ID (Key) information M 1 for identifying distributed ledger 51 to which a record is to be added.
  • When information obtaining unit 2101 obtains the first request, it outputs the first request to hash generator 2102 and nonce generator 2103.
  • When hash generator 2102 receives the first request, for example, it reads the target data from database 4 and generates the hash value of the target data. Hash generator 2102 outputs the generated hash value and ID information M 1 to electronic signature unit 2104 and transaction data generator 2105.
  • When nonce generator 2103 receives the first request, it generates a nonce value.
  • the nonce value refers to a hash value that is less likely to cryptographically cause collision.
  • Nonce generator 2103 outputs the generated nonce value and ID information M 1 to transaction data generator 2105 .
  • nonce generator 2103 may output the nonce value and ID information M 1 to electronic signature unit 2104 .
  • Electronic signature unit 2104 reads secret key 271 from storage device 27 .
  • Electronic signature unit 2104 creates the electronic signature by encrypting with secret key 271 , the hash value received from hash generator 2102 .
  • Electronic signature unit 2104 outputs the created electronic signature and ID information M 1 to transaction data generator 2105 .
  • electronic signature unit 2104 may create the electronic signature by encrypting with secret key 271 , the nonce value received from nonce generator 2103 .
  • electronic signature unit 2104 may create the electronic signature by encrypting the hash value and the nonce value with secret key 271 .
  • Transaction data generator 2105 generates transaction data to be transmitted to network NW.
  • transaction data generator 2105 generates transaction data including such information as Key, Age, Obj-HV, Nonce, Sig, Prev-HV, and HV.
  • Transaction data generator 2105 recognizes Age of the parent record, for example, by checking ID information M 1 (Key) against distributed ledger set 50 , increments Age of the parent record, and sets incremented Age as Age of the record to be added.
  • Transaction data generator 2105 sets the hash value generated by hash generator 2102 as Obj-HV, sets the nonce value generated by nonce generator 2103 as Nonce, and sets the electronic signature created by electronic signature unit 2104 as Sig.
  • Transaction data generator 2105 sets the record hash value of the parent record as Prev-HV.
  • Transaction data generator 2105 hashes such information as Key, Age, Obj-HV, Nonce, Sig, and Prev-HV, and sets the information as HV.
  • the transaction data may further include time information on time at which the transaction data is broadcast toward network NW (transmitted to network NW) and sender information on a sender of the transaction data.
  • Transaction data generator 2105 outputs the generated transaction data to transaction data transmitter 2106 .
  • Transaction data transmitter 2106 outputs to communication apparatus 24 , a control signal for transmitting transaction data to network NW.
  • the transaction data is thus transmitted to network NW through communication apparatus 24 .
  • FIG. 5 is a functional block diagram of controller 21 for performing processing for responding to the second operation.
  • controller 21 includes an information obtaining unit 2111 , a record hash generator 2112 , a nonce generator 2113 , a time stamp token obtaining unit 2114 , an electronic signature unit 2115 , a transaction data generator 2116 , and a transaction data transmitter 2117 .
  • Controller 21 functions as information obtaining unit 2111 , record hash generator 2112 , nonce generator 2113 , time stamp token obtaining unit 2114 , electronic signature unit 2115 , transaction data generator 2116 , and transaction data transmitter 2117 , for example, by executing a program stored in ROM 22 .
  • Information obtaining unit 2111, record hash generator 2112, nonce generator 2113, time stamp token obtaining unit 2114, electronic signature unit 2115, transaction data generator 2116, and transaction data transmitter 2117 may be implemented, for example, by dedicated hardware (electronic circuitry).
  • input apparatus 25 or user terminal apparatus 7 outputs the second request indicating that the second operation has been performed.
  • Information obtaining unit 2111 obtains the second request from input apparatus 25 or user terminal apparatus 7 .
  • the second request is inputted to information obtaining unit 2111 .
  • the second request includes ID information M 2 for identifying distributed ledger 51 for which the time stamp token is to be obtained and ID information M 3 for identifying distributed ledger 52 to which a record is to be added.
  • When information obtaining unit 2111 obtains the second request, it outputs the second request to record hash generator 2112 and nonce generator 2113.
  • Information obtaining unit 2111 may monitor a state of update of distributed ledger 51 and may determine that it has obtained the second request based on addition of a record to distributed ledger 51 in response to the first operation.
  • When record hash generator 2112 receives the second request, it generates the record hash value of the latest (terminal) record in distributed ledger 51 identified by ID information M 2. Record hash generator 2112 outputs the generated record hash value and ID information M 3 to time stamp token obtaining unit 2114.
  • As nonce generator 2113 receives the second request, it generates the nonce value. Nonce generator 2113 outputs to transaction data generator 2116, the generated nonce value and ID information M 3. When the nonce value is used for creation of the electronic signature, nonce generator 2113 may output the nonce value and ID information M 3 to electronic signature unit 2115.
  • Time stamp token obtaining unit 2114 obtains the time stamp token for the record hash value received from record hash generator 2112 . Specifically, time stamp token obtaining unit 2114 outputs to communication apparatus 24 , a control signal for transmitting the record hash value to time stamp authority 8 . The record hash value is thus transmitted to time stamp authority 8 through communication apparatus 24 . Time stamp authority 8 that has received the record hash value sends the time stamp token back to client server 2 which is the sender of the record hash value. Time stamp token obtaining unit 2114 obtains the time stamp token from time stamp authority 8 through communication apparatus 24 . Time stamp token obtaining unit 2114 outputs the time stamp token and ID information M 3 for identifying distributed ledger 52 where the time stamp token is to be stored to electronic signature unit 2115 and transaction data generator 2116 .
  • Electronic signature unit 2115 reads secret key 271 from storage device 27 .
  • Electronic signature unit 2115 creates the electronic signature by encrypting the time stamp token received from time stamp token obtaining unit 2114 with secret key 271 .
  • Electronic signature unit 2115 outputs to transaction data generator 2116 , the created electronic signature and ID information M 3 .
  • electronic signature unit 2115 may create the electronic signature by encrypting the nonce value received from nonce generator 2113 with secret key 271 .
  • electronic signature unit 2115 may create the electronic signature by encrypting the time stamp token and the nonce value with secret key 271 .
  • Transaction data generator 2116 generates transaction data to be transmitted to network NW. For example, transaction data generator 2116 generates transaction data including such information as Key, Age, Obj-HV, Nonce, Sig, Prev-HV, and HV. Transaction data generator 2116 sets ID information M 3 (k2) as Key. Transaction data generator 2116 sets the time stamp token as Obj-HV. Other functions of transaction data generator 2116 are basically similar to those of transaction data generator 2105 described with reference to FIG. 4 .
  • Transaction data transmitter 2117 outputs to communication apparatus 24 , a control signal for transmitting transaction data to network NW. The transaction data is thus transmitted to network NW through communication apparatus 24 .
  • FIG. 6 is a functional block diagram of controller 21 for performing processing for responding to the third operation.
  • controller 21 includes an information obtaining unit 2121 , a record hash generator 2122 , a nonce generator 2123 , a time stamp token obtaining unit 2124 , an electronic signature unit 2125 , a transaction data generator 2126 , and a transaction data transmitter 2127 .
  • Controller 21 functions as information obtaining unit 2121 , record hash generator 2122 , nonce generator 2123 , time stamp token obtaining unit 2124 , electronic signature unit 2125 , transaction data generator 2126 , and transaction data transmitter 2127 , for example, by executing a program stored in ROM 22 .
  • Information obtaining unit 2121 may be implemented, for example, by dedicated hardware (electronic circuitry).
  • input apparatus 25 or user terminal apparatus 7 outputs the third request indicating that the third operation has been performed.
  • Information obtaining unit 2121 obtains the third request from input apparatus 25 or user terminal apparatus 7 .
  • the third request is inputted to information obtaining unit 2121 .
  • the third request includes ID information M 4 for identifying distributed ledger 52 for which the time stamp token is to be obtained and ID information M 5 for identifying distributed ledger 52 where the time stamp token is to be stored.
  • When information obtaining unit 2121 obtains the third request, it outputs the third request to record hash generator 2122 and nonce generator 2123.
  • When record hash generator 2122 receives the third request, it generates the record hash value of the latest (terminal) record in distributed ledger 52 identified by ID information M 4. Record hash generator 2122 outputs the generated record hash value and ID information M 5 to time stamp token obtaining unit 2124.
  • When nonce generator 2123 receives the third request, it generates the nonce value. Nonce generator 2123 outputs the generated nonce value and ID information M 5 to transaction data generator 2126. When the nonce value is used for creation of an electronic signature, nonce generator 2123 may output the nonce value and ID information M 5 to electronic signature unit 2125.
  • Time stamp token obtaining unit 2124 obtains the time stamp token for the record hash value received from record hash generator 2122 . Specifically, time stamp token obtaining unit 2124 outputs to communication apparatus 24 , a control signal for transmitting the record hash value to time stamp authority 8 . The record hash value is thus transmitted to time stamp authority 8 through communication apparatus 24 . Time stamp authority 8 that has received the record hash value sends the time stamp token back to client server 2 which is the sender of the record hash value. Time stamp token obtaining unit 2124 obtains the time stamp token from time stamp authority 8 through communication apparatus 24 . Time stamp token obtaining unit 2124 outputs the time stamp token and ID information M 5 for identifying distributed ledger 52 where the time stamp token is to be stored to electronic signature unit 2125 and transaction data generator 2126 .
  • Electronic signature unit 2125 reads secret key 271 from storage device 27 .
  • Electronic signature unit 2125 creates the electronic signature by encrypting the time stamp token received from time stamp token obtaining unit 2124 with secret key 271 .
  • Electronic signature unit 2125 outputs the created electronic signature and ID information M 5 to transaction data generator 2126 .
  • electronic signature unit 2125 may create the electronic signature by encrypting the nonce value received from nonce generator 2123 with secret key 271 .
  • electronic signature unit 2125 may create the electronic signature by encrypting the time stamp token and the nonce value with secret key 271 .
  • Transaction data generator 2126 generates transaction data to be transmitted to network NW. For example, transaction data generator 2126 generates transaction data including such information as Key, Age, Obj-HV, Nonce, Sig, Prev-HV, and HV. Transaction data generator 2126 sets ID information M 5 (k2) as Key. Transaction data generator 2126 sets the time stamp token as Obj-HV. Other functions of transaction data generator 2126 are basically similar to those of transaction data generator 2105 described with reference to FIG. 4 .
  • Transaction data transmitter 2127 outputs to communication apparatus 24 , a control signal for transmitting transaction data to network NW.
  • the transaction data is thus transmitted to network NW through communication apparatus 24 .
  • FIG. 7 is a functional block diagram of controller 21 for performing processing for responding to the fourth operation.
  • controller 21 includes an information obtaining unit 2131 , a record hash generator 2132 , a client certificate creation unit 2133 , and a transmitter 2134 .
  • Controller 21 functions as information obtaining unit 2131, record hash generator 2132, client certificate creation unit 2133, and transmitter 2134, for example, by executing a program stored in ROM 22.
  • Information obtaining unit 2131 , record hash generator 2132 , client certificate creation unit 2133 , and transmitter 2134 may be implemented, for example, by dedicated hardware (electronic circuitry).
  • input apparatus 25 or user terminal apparatus 7 outputs the fourth request indicating that the fourth operation has been performed.
  • Information obtaining unit 2131 obtains the fourth request from input apparatus 25 or user terminal apparatus 7 .
  • the fourth request is inputted to information obtaining unit 2131 .
  • the fourth request includes ID information M 6 (k2) for identifying distributed ledger 52 for which the record hash value is to be generated.
  • When information obtaining unit 2131 obtains the fourth request, it outputs the fourth request to record hash generator 2132.
  • Record hash generator 2132 generates the record hash value of the latest (terminal) record in distributed ledger 52 for which the record hash value is to be generated. Record hash generator 2132 outputs the generated record hash value to client certificate creation unit 2133 .
  • Client certificate creation unit 2133 creates the client certificate including the record hash value received from record hash generator 2132 .
  • the client certificate may include, for example, information for identifying client server 2 that has created the client certificate.
  • Client certificate creation unit 2133 outputs the created client certificate to transmitter 2134 .
  • Transmitter 2134 outputs to communication apparatus 24 , a control signal for transmitting the client certificate to external server 9 .
  • the client certificate is thus transmitted to external server 9 through communication apparatus 24 .
  • FIG. 8 is a functional block diagram of controller 21 for executing received transaction data.
  • controller 21 includes a transaction data obtaining unit 2141 , a signature verification unit 2142 , a record creation unit 2143 , a ledger updating unit 2144 , and an output unit 2145 .
  • Controller 21 functions as transaction data obtaining unit 2141 , signature verification unit 2142 , record creation unit 2143 , ledger updating unit 2144 , and output unit 2145 , for example, by executing a program stored in ROM 22 .
  • Transaction data obtaining unit 2141 , signature verification unit 2142 , record creation unit 2143 , ledger updating unit 2144 , and output unit 2145 may be implemented, for example, by dedicated hardware (electronic circuitry).
  • Transaction data obtaining unit 2141 obtains transaction data transmitted from another client server 2 .
  • Transaction data obtaining unit 2141 outputs the obtained transaction data to signature verification unit 2142 .
  • Signature verification unit 2142 verifies validity of the electronic signature (Sig) included in the transaction data. Initially, signature verification unit 2142 identifies client server 2 which is the sender of the transaction data based on sender information included in the transaction data. Then, signature verification unit 2142 reads a public key (one of a plurality of public keys 272 ) of identified client server 2 from storage device 27 . Signature verification unit 2142 decrypts the electronic signature included in the transaction data with the read public key. As described above, the electronic signature is created by encryption of the hash value of the target data or the time stamp token with the secret key of sender client server 2 . Signature verification unit 2142 compares the decrypted value with Obj-HV (the hash value or the time stamp token) included in the transaction data. When signature verification unit 2142 confirms match therebetween, it acknowledges validity of the electronic signature.
  • When validity of the electronic signature is acknowledged, record creation unit 2143 creates a record to be added to distributed ledger set 50 based on the transaction data. Record creation unit 2143 reads such information as Key, Age, Obj-HV, Nonce, Sig, Prev-HV, and HV from the transaction data and creates a record including such information.
  • Ledger updating unit 2144 adds the record created by record creation unit 2143 to distributed ledger set 50 to update distributed ledger set 50 .
  • ledger updating unit 2144 refers to Key in the created record and identifies a distributed ledger to which the record is to be added.
  • transaction data generated in accordance with the first operation to register/update the target data described above includes “k1” as Key. Therefore, ledger updating unit 2144 adds the record to distributed ledger 51 which is the proof chain of the target data.
  • the transaction data generated in accordance with the second operation to obtain the time stamp token for the terminal record in distributed ledger 51 and the third operation to obtain the time stamp token for the terminal record in distributed ledger 52 includes “k2” as Key. Therefore, ledger updating unit 2144 adds the record to distributed ledger 52 which is the proof chain of the time stamp token.
  • ledger updating unit 2144 outputs that fact to output unit 2145 .
  • Output unit 2145 outputs to communication apparatus 24 , a control signal for transmission of an indication of completion of processing for executing transaction data (transaction processing) to client server 2 which is the sender of the transaction data. A report on completion of transaction processing is thus transmitted through communication apparatus 24 to client server 2 which is the sender of the transaction data.
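The receiving side of FIG. 8 (look up the sender's public key, decrypt Sig, compare with Obj-HV, then route the record by Key) can be sketched as follows. This is an added example, not code from the patent: the textbook RSA keys built from known Mersenne primes are insecure and only illustrate the encrypt/decrypt relationship, Obj-HV is hashed before signing as a simplification, and the sender names, nonce value and function names are constructed.

```python
import hashlib, json

E = 65537

def toy_keypair(p: int, q: int):
    """Textbook RSA from two known primes: illustration only, not secure."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

# Constructed keys; PUBLIC_KEYS plays the role of the plurality of public keys 272
PUB_A, PRIV_A = toy_keypair(2**521 - 1, 2**607 - 1)
PUB_B, PRIV_B = toy_keypair(2**1279 - 1, 2**2203 - 1)
PUBLIC_KEYS = {"client-A": PUB_A, "client-B": PUB_B}

RECORD_FIELDS = ("Key", "Age", "Obj-HV", "Nonce", "Sig", "Prev-HV", "HV")

def digest_int(text: str) -> int:
    # Assumption: Obj-HV is hashed before the private-key operation
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")

def sign_obj(obj_hv: str, priv) -> int:
    d, n = priv
    return pow(digest_int(obj_hv), d, n)       # "encrypting with the secret key"

def make_tx(sender: str, priv, key: str, obj_hv: str, parent=None) -> dict:
    tx = {"Key": key, "Age": parent["Age"] + 1 if parent else 0, "Obj-HV": obj_hv,
          "Nonce": "constructed-nonce", "Sig": sign_obj(obj_hv, priv),
          "Prev-HV": parent["HV"] if parent else "", "Sender": sender}
    fields = [tx[k] for k in RECORD_FIELDS[:-1]]
    tx["HV"] = hashlib.sha256(json.dumps(fields).encode()).hexdigest()
    return tx

def execute_transaction(tx: dict, ledger_set: dict) -> str:
    pub = PUBLIC_KEYS.get(tx.get("Sender"))    # identify the sender, read its public key
    if pub is None:
        return "rejected: unknown sender"
    e, n = pub
    sig = tx.get("Sig")
    # "Decrypt" Sig with the public key and compare with the value derived from Obj-HV
    if not isinstance(sig, int) or pow(sig, e, n) != digest_int(tx["Obj-HV"]):
        return "rejected: bad signature"
    ledger = ledger_set.get(tx["Key"])         # k1 -> ledger 51, k2 -> ledger 52
    if ledger is None:
        return "rejected: unknown Key"
    ledger.append({k: tx[k] for k in RECORD_FIELDS})
    return "added"

def demo() -> dict:
    ledger_set = {"k1": [], "k2": []}
    data_hash = hashlib.sha256(b"constructed target data").hexdigest()
    tx1 = make_tx("client-A", PRIV_A, "k1", data_hash)
    tx2 = make_tx("client-A", PRIV_A, "k2", "constructed time stamp token")
    results = {
        "hash_record": execute_transaction(tx1, ledger_set),
        "token_record": execute_transaction(tx2, ledger_set),
        "altered_obj": execute_transaction(dict(tx1, **{"Obj-HV": "00" * 32}), ledger_set),
        "wrong_sender": execute_transaction(dict(tx1, Sender="client-B"), ledger_set),
        "unknown_sender": execute_transaction(dict(tx1, Sender="client-Z"), ledger_set),
    }
    results["ledger_sizes"] = (len(ledger_set["k1"]), len(ledger_set["k2"]))
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```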
  • FIG. 9 is a flowchart showing a procedure in processing for generating transaction data at the time when the first request is received. Processing in the flowchart shown in FIG. 9 is performed by controller 21 when it receives the first request from input apparatus 25 or user terminal apparatus 7 . Though an example in which each step (the step being abbreviated as “S” below) in the flowchart shown in FIG. 9 and FIGS. 10 , 11 , 12 , and 13 which will be described later is performed by software processing by controller 21 is described, a part or the entirety thereof may be performed by hardware (electronic circuitry) provided in controller 21 .
  • In S 1, controller 21 generates a nonce value.
  • The nonce value is used as a number of transaction data.
  • Controller 21 reads target data from database 4 and generates a hash value of the target data.
  • Controller 21 reads secret key 271 from storage device 27 and creates an electronic signature by encrypting with secret key 271, the hash value generated in S 2. Controller 21 may create the electronic signature by encrypting with secret key 271, the nonce value generated in S 1. Alternatively, controller 21 may create the electronic signature by encrypting with secret key 271, the hash value generated in S 2 and the nonce value generated in S 1.
  • In S 4, controller 21 generates transaction data including such information as Key, Age, Obj-HV, Nonce, Sig, Prev-HV, and HV. Specifically, controller 21 sets ID information M 1 included in the first request as Key. Controller 21 sets the nonce value generated in S 1 as Nonce, sets the hash value generated in S 2 as Obj-HV, and sets the electronic signature created in S 3 as Sig. Controller 21 recognizes Age of the parent record by checking Key against distributed ledger set 50 and sets incremented Age of the parent record as Age. Controller 21 sets the record hash of the parent record as Prev-HV. Controller 21 hashes such information as Key, Age, Obj-HV, Nonce, Sig, and Prev-HV and sets the information as HV. Controller 21 may have time information on time at which the transaction data is broadcast toward network NW and/or sender information on the sender of the transaction data included in the transaction data.
  • Controller 21 outputs to communication apparatus 24, a control signal for transmitting the transaction data generated in S 4 to network NW.
  • the transaction data is thus transmitted to network NW through communication apparatus 24 .
  • FIG. 10 is a flowchart showing a procedure in processing for generating transaction data at the time when the second request is received. Processing in the flowchart shown in FIG. 10 is performed by controller 21 when it receives the second request from input apparatus 25 or user terminal apparatus 7 . Controller 21 may perform the processing in the flowchart shown in FIG. 10 when it senses addition of a record to distributed ledger 51 .
  • In S 11, controller 21 generates a nonce value.
  • The nonce value is used as a number of transaction data.
  • In S 12, controller 21 generates a record hash value of a terminal record in distributed ledger 51.
  • Controller 21 outputs to communication apparatus 24, a control signal for transmitting the record hash value generated in S 12 to time stamp authority 8.
  • the record hash value is thus transmitted to time stamp authority 8 through communication apparatus 24 .
  • Time stamp authority 8 that has received the record hash value sends a time stamp token back to client server 2 which is the sender of the record hash value.
  • Controller 21 obtains the time stamp token from time stamp authority 8 through communication apparatus 24 .
  • controller 21 reads secret key 271 from storage device 27 and creates an electronic signature by encrypting with secret key 271 , the time stamp token obtained in S 13 . Controller 21 may create the electronic signature by encrypting with secret key 271 , the nonce value generated in S 11 . Alternatively, controller 21 may create the electronic signature by encrypting with secret key 271 , the time stamp token obtained in S 13 and the nonce value generated in S 11 .
  • controller 21 In S 15 , controller 21 generates transaction data including such information as Key, Age, Obj-HV, Nonce, Sig, Prev-HV, and HV. Controller 21 sets ID information M 3 (k2) included in the second request as Key. Controller 21 sets the time stamp token obtained in S 13 as Obj-HV. Since other processing in S 15 is basically similar to the processing in S 4 in FIG. 9 , description will not be repeated.
  • controller 21 outputs to communication apparatus 24 , a control signal for transmitting the transaction data generated in S 15 to network NW.
  • the transaction data is thus transmitted to network NW through communication apparatus 24 .
  • FIG. 11 is a flowchart showing a procedure in processing for generating transaction data at the time when the third request is received. Processing in the flowchart shown in FIG. 11 is performed by controller 21 when it receives the third request from input apparatus 25 or user terminal apparatus 7.
  • In S21, controller 21 generates a nonce value.
  • The nonce value is used as a number of transaction data.
  • In S22, controller 21 generates a record hash value of a terminal record in distributed ledger 52.
  • Controller 21 outputs to communication apparatus 24 a control signal for transmitting the record hash value generated in S22 to time stamp authority 8.
  • The record hash value is thus transmitted to time stamp authority 8 through communication apparatus 24.
  • Time stamp authority 8 that has received the record hash value sends a time stamp token back to client server 2, which is the sender of the record hash value.
  • Controller 21 obtains the time stamp token from time stamp authority 8 through communication apparatus 24.
  • Controller 21 reads secret key 271 from storage device 27 and creates an electronic signature by encrypting the time stamp token obtained in S23 with secret key 271.
  • Controller 21 may create the electronic signature by encrypting the nonce value generated in S21 with secret key 271.
  • Controller 21 may create the electronic signature by encrypting the time stamp token obtained in S23 and the nonce value generated in S21 with secret key 271.
  • In S25, controller 21 generates transaction data including such information as Key, Age, Obj-HV, Nonce, Sig, Prev-HV, and HV. Controller 21 sets ID information M5 (k2) included in the third request as Key. Controller 21 sets the time stamp token obtained in S23 as Obj-HV. Since other processing in S25 is basically similar to the processing in S4 in FIG. 9, description will not be repeated.
  • Controller 21 outputs to communication apparatus 24 a control signal for transmitting the transaction data generated in S25 to network NW.
  • The transaction data is thus transmitted to network NW through communication apparatus 24.
  • FIG. 12 is a flowchart showing a procedure in processing at the time when the fourth request is received. Processing in the flowchart shown in FIG. 12 is performed by controller 21 when it receives the fourth request from input apparatus 25 or user terminal apparatus 7.
  • In S31, controller 21 generates a record hash value of a terminal record in distributed ledger 52.
  • Controller 21 creates a client certificate including the record hash value generated in S31.
  • Controller 21 may include information for identifying the A company itself in the client certificate.
  • Controller 21 outputs to communication apparatus 24 a control signal for transmitting the client certificate created in S32 to external server 9.
  • The client certificate is thus transmitted to external server 9 through communication apparatus 24.
  • FIG. 13 is a flowchart showing a procedure in processing performed at the time when the transaction data is received. Processing in the flowchart shown in FIG. 13 is performed by controller 21 when it receives the transaction data.
  • Controller 21 identifies, based on sender information included in the received transaction data, client server 2 which is the sender of the transaction data.
  • Controller 21 reads the public key of client server 2 identified in S41 from storage device 27.
  • Controller 21 decrypts the electronic signature included in the transaction data with the public key read in S42.
  • Controller 21 verifies validity of the electronic signature decrypted in S43. Specifically, controller 21 compares a value resulting from decryption of the electronic signature with Obj-HV (the hash value or the time stamp token) included in the transaction data. When they do not match each other, controller 21 does not acknowledge validity of the electronic signature (NO in S44) and has the process proceed to S45. When they match each other, controller 21 acknowledges validity of the electronic signature (YES in S44) and has the process proceed to S46.
  • Controller 21 discards the presently received transaction data and quits the process because the electronic signature is invalid. Controller 21 may show the possibility of tampering with the transaction data on display apparatus 26. Alternatively, controller 21 may transmit an indication of the possibility of tampering with the transaction data to client server 2 which is the sender of the transaction data.
  • Controller 21 reads such information as Key, Age, Obj-HV, Nonce, Sig, Prev-HV, and HV from the received transaction data and creates a record including the information.
  • Controller 21 identifies, based on Key in the record created in S46, a distributed ledger to which the record is to be added. Then, controller 21 adds the record to the identified distributed ledger. Distributed ledger set 50 is thus updated.
  • Controller 21 transmits a notification (a completion report) indicating completion of transaction processing to client server 2 which is the sender of the transaction data.
  • Distributed ledger set 50 including two distributed ledgers 51 and 52 is held in client server 2.
  • Distributed ledger 51 is the proof chain for proving existence of the target data, and distributed ledger 52 is the proof chain for proving existence of the time stamp token.
  • The record stored in distributed ledger 51 includes the hash value of the target data, rather than the target data itself. The target data itself can thus be concealed from other client servers 2 that form network NW.
  • The time stamp token is obtained for the record hash value of the added record (the terminal record in distributed ledger 51) and the record including the time stamp token is stored in distributed ledger 52.
  • By storing the time stamp token in distributed ledger 52, tamper resistance of the time stamp token can be enhanced.
  • Records subsequent to the record including that time stamp token can prove that the expired time stamp token has not been tampered with. Since validity of the expired time stamp token can thus be proven, the expiration date of the time stamp token can substantially be extended.
  • A time stamp token is obtained for the record hash value of the terminal record in distributed ledger 52. Since integrity of the record hash value can thus be proven, by proving that the record hash value has not been tampered with, the fact that a series of time stamp tokens stored in distributed ledger 52 has not been tampered with can be proven.
  • time stamp token obtained for the record hash value of the terminal record in distributed ledger 52, tamper resistance of the time stamp token can be enhanced.
  • The client certificate including the record hash value of the terminal record in distributed ledger 52 is created, and the client certificate is separated from client server 2 and managed in external server 9.
  • The fact that distributed ledger set 50 has been tampered with can be proven by the client certificate managed in external server 9.
  • An example in which a single component (a component that composes the vehicle) is managed in data management system 1 is described.
  • A plurality of components may be managed in data management system 1.
  • Distributed ledger set 50 includes N distributed ledgers (N being a natural number equal to or larger than two) serving as proof chains of N respective components and a distributed ledger serving as a proof chain of the time stamp token.
  • An example in which platform server 5 performs a function to permit participation into network NW is described in the first embodiment. Then, finality of transaction data is given by confirmation of validity of the electronic signature between client servers 2 permitted to participate in network NW.
  • An example in which a platform server 6 performs a function to give finality to transaction data in addition to the function to permit participation into network NW will be described.
  • FIG. 14 is a diagram showing a schematic configuration of a data management system 1A according to the second embodiment.
  • Data management system 1A includes four client servers 3, platform server 6, time stamp authority 8, and external server 9.
  • Client servers 3 are servers belonging to different companies (for example, the A company, the B company, the C company, and the D company). Though client server 3 of the A company will representatively be described below, client servers 3 of the B company, the C company, and the D company are also similar in function.
  • Platform server 6 manages network NW and accepts an application to participate in network NW from each client server 3.
  • Platform server 6 permits participation of client server 3 into network NW based on an operation to permit participation by a manager of platform server 6 or based on a result of determination as to a prescribed condition. Participation of four client servers 3 belonging to the A company, the B company, the C company, and the D company into network NW is permitted also in the second embodiment.
  • Client servers 3 and platform server 6 form network NW.
  • Software based on the distributed ledger has been introduced in each of client servers 3, and as the introduced software based on the distributed ledger functions, each of client servers 3 functions as a node.
  • Client server 3 is configured to communicate with user terminal apparatus 7 similarly to client server 2 according to the first embodiment.
  • Database 4 is connected to client server 3.
  • Client server 3 (a controller 31) generates a control signal for registering/updating target data and outputs the control signal to database 4 in response to an input to an input apparatus 35 or a request from user terminal apparatus 7.
  • As client server 3 has component data registered in database 4 or updates component data in database 4, it creates a hash value of the component data and generates transaction data for storing the hash value in a ledger held in platform server 6 and a distributed ledger (a commit table which will be described later) held in each client server 3. Then, client server 3 transmits the generated transaction data to platform server 6.
  • Platform server 6 performs a function to give finality to the transaction data.
  • A ledger set 60 is held in platform server 6, and platform server 6 processes transaction data received from client server 3 and updates ledger set 60.
  • As platform server 6 updates ledger set 60, it transmits a record (a proof record which will be described later) added to the ledger by updating to all client servers 3 that participate in network NW.
  • A commit table 374 where a commit record is stored is stored in client server 3.
  • Commit table 374 corresponds to an exemplary “distributed ledger” according to the present disclosure.
  • FIG. 15 is a diagram showing an exemplary configuration of ledger set 60.
  • Ledger set 60 includes a ledger 67 and a ledger 68.
  • A state of update of the target data is stored in a time-series manner in ledger 67, and ledger 67 forms a proof chain of the target data.
  • A time stamp token is stored in a time-series manner in ledger 68, and ledger 68 forms a proof chain of the time stamp token.
  • Since ledger set 60, ledger 67, and ledger 68 are similar in configuration to distributed ledger set 50, distributed ledger 51, and distributed ledger 52 according to the first embodiment, respectively, detailed description thereof will not be repeated.
  • FIG. 15 shows a data structure of ledgers 67 and 68 corresponding to the example shown in FIG. 3.
  • A record of Age “2” is stored in each of ledgers 67 and 68 as the latest (terminal) record.
  • Client server 3 includes controller 31, a ROM 32, a RAM 33, a communication apparatus 34, input apparatus 35, a display apparatus 36, and a storage device 37.
  • Controller 31, ROM 32, RAM 33, communication apparatus 34, input apparatus 35, display apparatus 36, and storage device 37 are connected to a bus 39.
  • Since ROM 32, RAM 33, communication apparatus 34, input apparatus 35, and display apparatus 36 are basically similar in configuration to ROM 22, RAM 23, communication apparatus 24, input apparatus 25, and display apparatus 26 of client server 2 according to the first embodiment, description thereof will not be repeated.
  • A secret key 371 and proof data 372 are stored in storage device 37.
  • Secret key 371 is a secret key of the A company.
  • In participation of client server 3 into network NW for the first time, controller 31 generates a secret key and a public key. Then, controller 31 transmits the generated public key to an authentication bureau (not shown) and has the public key authenticated. The authentication bureau issues an electronic certificate including information on the public key.
  • Controller 31 has secret key 371 corresponding to the authenticated public key stored in storage device 37. Controller 31 transmits an authenticated public key (electronic certificate) 651 to platform server 6.
  • Proof data 372 includes a suspension table 373 and commit table 374.
  • FIG. 16 is a diagram for illustrating an exemplary configuration of suspension table 373.
  • FIG. 17 is a diagram for illustrating an exemplary configuration of commit table 374.
  • Suspension table 373 and commit table 374 each include a configuration adapted to ledger set 60.
  • Suspension table 373 includes a prescribed type of information included in transaction data that has not been used. Specifically, for example, a suspension record including such information as Key and Nonce is stored in suspension table 373. Of information included in the transaction data generated in response to various requests (the first request to the third request), controller 31 has such information as Key and Nonce stored as the suspension record in suspension table 373. When the first request to the third request are not particularly distinguished from one another, the first request to the third request will also collectively be referred to as an “update request” below.
  • The update request received by client server 3 from input apparatus 35 or user terminal apparatus 7 includes information on an ID for identifying a distributed ledger to which a record is to be added.
  • The first request includes ID information M1 indicating “k1”.
  • The second request includes ID information M3 indicating “k2”.
  • The third request includes ID information M5 indicating “k2”.
  • The ID for identifying the distributed ledger to which a record is to be added, which is included in the update request, is set as Key.
  • When controller 31 receives the update request, it generates a nonce value.
  • The nonce value indicates a number of the update request (that is, a number of transaction data).
  • Controller 31 creates the suspension record including such information as Key and Nonce and has the suspension record registered in suspension table 373.
  • FIG. 16 shows an example in which the suspension record including Key set to k1 is registered in suspension table 373.
  • When processing for responding to the update request is performed (that is, transaction data is used), controller 31 deletes from suspension table 373 the suspension record including Key information similar to Key included in the transaction data used for performing transaction processing.
  • A suspension record including the same Key information is not redundantly registered in suspension table 373.
  • Controller 31 determines whether or not a suspension record including Key that matches Key included in the suspension record to be registered has already been registered in suspension table 373.
  • Controller 31 has the suspension record registered in suspension table 373.
  • Controller 31 waits for deletion of the suspension record including matching Key from suspension table 373.
  • The suspension record including Key set to k2 can be registered in suspension table 373, whereas the suspension record including Key set to k1 cannot be registered.
  • Commit table 374 includes a prescribed type of information included in used transaction data. Specifically, a commit record including such information as Key, Age, Obj-HV, Nonce, Sig, Prev-HV, and HV is stored in commit table 374. In the second embodiment, the commit record includes information similar to that in the record in ledger set 60. Commit table 374 includes commit data 375 where a commit record including Key set to k1 is stored and commit data 376 where a commit record including Key set to k2 is stored.
  • The proof record is, for example, a record including such information as Key, Age, Obj-HV, Nonce, Sig, Prev-HV, and HV that is included in a record added to the ledger by transaction processing performed with the use of the transaction data.
  • As controller 31 receives the proof record, it adds the proof record to commit table 374 (commit data 375 or commit data 376) as the commit record. Then, controller 31 deletes from suspension table 373 the suspension record including Key similar to Key included in the added commit record.
  • Platform server 6 includes a controller 61, a ROM 62, a RAM 63, a communication apparatus 64, and a storage device 65.
  • Controller 61, ROM 62, RAM 63, communication apparatus 64, and storage device 65 are connected to a bus 69.
  • Controller 61 is implemented by an integrated circuit including a CPU.
  • Controller 61 develops various programs stored in ROM 62 on RAM 63 and executes the programs.
  • The various programs include an operating system and the like.
  • RAM 63 functions as a working memory, and various types of data necessary for execution of various programs are temporarily stored therein.
  • Controller 61 receives transaction data from client server 3 and performs transaction processing.
  • Communication apparatus 64 is configured to communicate with client server 3 that participates in network NW.
  • A plurality of public keys 651 and ledger set 60 are stored in storage device 65.
  • The plurality of public keys 651 include public keys of companies that manage client servers 3 that participate in network NW.
  • The plurality of public keys 651 include the public key of the A company, the public key of the B company, the public key of the C company, and the public key of the D company.
  • Since ledger set 60 is similar in configuration to distributed ledger set 50 according to the first embodiment as described above, description will not be repeated. Processing for responding to the update request in the second embodiment will sequentially be described below with reference to a flowchart.
  • FIG. 18 is a flowchart showing a procedure in processing performed in data management system 1A at the time when the update request is received. Processing in the flowchart shown in FIG. 18 is started by controller 31 of client server 3 when it receives the update request from input apparatus 25 or user terminal apparatus 7.
  • Controller 31 of client server 3 generates a nonce value.
  • The nonce value is used as a number of transaction data generated in response to the update request.
  • Controller 31 of client server 3 generates a suspension record.
  • Controller 31 of client server 3 reads an ID of a distributed ledger to which a record is to be added, which is included in the update request, and generates the suspension record with the ID being set as Key information and with the nonce value generated in S50 being set as Nonce information.
  • Controller 31 of client server 3 determines whether or not the suspension record generated in S51 can be registered in suspension table 373.
  • Controller 31 of client server 3 makes negative determination (NO in S52) and waits for deletion of the suspension record including similar Key information from suspension table 373.
  • Controller 31 of client server 3 makes affirmative determination (YES in S52) and has the process proceed to S53.
  • Controller 31 of client server 3 has the suspension record registered in suspension table 373.
  • Controller 31 of client server 3 generates transaction data for responding to the update request. Specifically, when the update request falls under the first request, controller 31 of client server 3 performs processing similar to the processing in S2 to S4 described with reference to FIG. 9 to generate transaction data. When the update request falls under the second request, it performs processing similar to the processing in S12 to S15 described with reference to FIG. 10 to generate transaction data. When the update request falls under the third request, controller 31 of client server 3 performs processing similar to the processing in S22 to S25 described with reference to FIG. 11 to generate transaction data. Since details of the processing are as described with reference to FIGS. 9, 10, and 11, description will not be repeated.
  • Controller 31 of client server 3 outputs to communication apparatus 34 a control signal for transmitting the transaction data generated in S54 to platform server 6.
  • The transaction data is thus transmitted to platform server 6 through communication apparatus 34.
  • Controller 61 of platform server 6 decrypts the electronic signature for verifying validity of the electronic signature included in the received transaction data. Specifically, controller 61 of platform server 6 performs processing similar to the processing in S41 to S43 described with reference to FIG. 13 to decrypt the electronic signature. Since details of the processing are as described with reference to FIG. 13, description will not be repeated.
  • Controller 61 of platform server 6 verifies validity of the electronic signature decrypted in S60. Specifically, controller 61 of platform server 6 compares the value obtained by decryption of the electronic signature with the hash value included in the transaction data (in the transaction data generated in response to the first request, the hash value of the target data, and in the transaction data generated in response to the second request and the third request, the time stamp token). When they do not match each other, controller 61 of platform server 6 does not acknowledge validity of the electronic signature (NO in S61) and has the process proceed to S62. When they match each other, controller 61 of platform server 6 acknowledges validity of the electronic signature (YES in S61) and has the process proceed to S63.
  • Controller 61 of platform server 6 determines that the transaction data received from client server 3 may have been tampered with, discards the transaction data, and creates an abnormality report indicating possibility of tampering. Then, controller 61 of platform server 6 has the process proceed to S66.
  • Controller 61 of platform server 6 performs transaction processing. Specifically, controller 61 of platform server 6 performs processing similar to the processing in S46 and S47 described with reference to FIG. 13 to generate a record in the ledger identified by Key information included in the transaction data, to add the generated record to the ledger, and to update ledger set 60.
  • Controller 61 of platform server 6 generates a proof record.
  • The proof record includes such information as Key, Age, Obj-HV, Nonce, Sig, Prev-HV, and HV included in the record added to the ledger.
  • Controller 61 of platform server 6 creates a normality report indicating completion of update of ledger set 60 (that is, processing of the transaction data). Controller 61 of platform server 6 includes the proof record in the normality report.
  • Controller 61 of platform server 6 outputs to communication apparatus 64 a control signal for transmitting the abnormality report created in S62 or the normality report created in S65 to client server 3.
  • The abnormality report or the normality report is thus transmitted to client server 3 through communication apparatus 64.
  • Controller 61 of platform server 6 outputs to communication apparatus 64 a control signal for transmitting the proof record to client servers 3 (for example, client servers 3 of the B company, the C company, and the D company) other than the sender of the transaction data.
  • The proof record is thus transmitted to other client servers 3 through communication apparatus 64.
  • Controller 31 of client server 3 determines whether or not it has received the normality report from platform server 6.
  • controller 31 of client server 3 determines that it has received the normality report (YES in S56)
  • controller 31 of client server 3 determines that it has not received the normality report, that is, it has received the abnormality report (NO in S56)
  • Controller 31 of client server 3 adds the proof record included in the normality report to commit table 374 as the commit record. Specifically, controller 31 of client server 3 determines whether the commit record is to be added to commit data 375 or commit data 376 based on Key information in the proof record. Then, controller 31 of client server 3 adds the commit record to the target commit data. In S58, controller 31 of client server 3 deletes from suspension table 373 the suspension record including the same Key information as that in the added commit record.
  • Controller 31 of client server 3 has a result of processing for the update request shown on display apparatus 36 or transmits the result to user terminal apparatus 7.
  • Commit tables 374 are updated.
  • FIG. 19 is a flowchart showing a procedure in processing at the time when the fourth request is received in the second embodiment. Processing in the flowchart shown in FIG. 19 is performed by controller 31 when it receives the fourth request from input apparatus 35 or user terminal apparatus 7.
  • In S71, controller 31 generates a record hash value of a terminal record in commit data 376.
  • Controller 31 creates a client certificate including the record hash value generated in S71.
  • Controller 31 may include information for identifying the A company itself in the client certificate.
  • Controller 31 outputs to communication apparatus 24 a control signal for transmitting the client certificate created in S72 to external server 9.
  • The client certificate is thus transmitted to external server 9 through communication apparatus 24.
  • Platform server 6 gives finality to the transaction data.
  • Ledger set 60 including two ledgers 67 and 68 is held in platform server 6.
  • The state of update of the target data is stored in the time-series manner in ledger 67, and the time stamp token is stored in the time-series manner in ledger 68.
  • When ledger set 60 is updated, the proof record including information on the record added to ledger set 60 is sent from platform server 6 to each client server 3.
  • Each of client servers 3 adds the proof record to commit table 374 as the commit record.
  • Commit table 374 corresponds to distributed ledger set 50 according to the first embodiment. As client servers 3 hold their commit tables 374 between each other, tamper resistance of commit table 374 is enhanced.
  • The client certificate including the record hash value of the terminal record in commit data 376 is created, and separated from client server 3 and managed in external server 9.
  • The client certificate managed in external server 9 can be proven by the client certificate managed in external server 9.
  • An example in which commit table 374 includes information similar to information included in ledger set 60 is described in the second embodiment.
  • Each of pieces of commit data 375 and 376 in commit table 374 includes such information as Key, Age, Obj-HV, Nonce, Sig, Prev-HV, and HV.
  • A part of information included in ledger set 60 may be in commit table 374.
  • Each of pieces of commit data 375 and 376 in commit table 374 may include such information as Key, Age, Obj-HV, HV, and Nonce, of such information as Key, Age, Obj-HV, Nonce, Sig, Prev-HV, and HV in each of ledgers 67 and 68 in ledger set 60.
  • The proof record is also generated to include such information as Key, Age, Obj-HV, HV, and Nonce.
  • Commit data 375 and 376 are summaries of respective ledgers 67 and 68.
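
The record format (Key, Age, Obj-HV, Nonce, Sig, Prev-HV, HV), the time stamp token chain and the externally held terminal record hash described above can be exercised together in a short audit routine. The following is an added example, not code from the patent or from the applicants. Assumptions: SHA-256 over a JSON serialization, Age starting at 0 with an empty Prev-HV, an HMAC-based stand-in for the time stamp authority's token, Sig carried as an opaque string, and all function names hypothetical.

```python
import hashlib
import hmac
import json

FIELDS = ("Key", "Age", "Obj-HV", "Nonce", "Sig", "Prev-HV")
TSA_KEY = b"constructed-demo-tsa-key"  # assumption: stand-in for the TSA's signing key


def sha(text):
    return hashlib.sha256(text.encode()).hexdigest()


def record_hash(rec):
    """HV: hash over Key, Age, Obj-HV, Nonce, Sig and Prev-HV."""
    return sha(json.dumps([rec[f] for f in FIELDS]))


def append(ledger, key, obj_hv, nonce, sig="opaque-sig"):
    """Add a record whose Age and Prev-HV are taken from the parent (terminal) record."""
    parent = ledger[-1] if ledger else None
    rec = {"Key": key, "Age": parent["Age"] + 1 if parent else 0,
           "Obj-HV": obj_hv, "Nonce": nonce, "Sig": sig,
           "Prev-HV": parent["HV"] if parent else ""}
    rec["HV"] = record_hash(rec)
    ledger.append(rec)
    return rec


def _tsa_mac(record_hv, when):
    return hmac.new(TSA_KEY, f"{record_hv}|{when}".encode(), hashlib.sha256).hexdigest()


def issue_token(record_hv, when):
    """Stand-in time stamp token: binds a record hash to a time under the TSA key."""
    return f"{record_hv}|{when}|{_tsa_mac(record_hv, when)}"


def token_hash(token):
    """Return the record hash a token covers, or None if the token does not verify."""
    parts = token.split("|")
    if len(parts) != 3:
        return None
    record_hv, when, mac = parts
    good = _tsa_mac(record_hv, when)
    return record_hv if hmac.compare_digest(mac.encode(), good.encode()) else None


def chain_ok(ledger):
    """Check Age sequence, Prev-HV links and each record's own HV."""
    prev = ""
    for age, rec in enumerate(ledger):
        if rec["Age"] != age or rec["Prev-HV"] != prev or rec["HV"] != record_hash(rec):
            return False
        prev = rec["HV"]
    return True


def audit(ledger51, ledger52, anchor_hv):
    """Return findings; an empty list means all three layers agree."""
    findings = []
    if not chain_ok(ledger51):
        findings.append("ledger 51: hash chain broken")
    if not chain_ok(ledger52):
        findings.append("ledger 52: hash chain broken")
    known = {r["HV"] for r in ledger51}
    for rec in ledger52:
        covered = token_hash(rec["Obj-HV"])
        if covered is None:
            findings.append(f"ledger 52 Age {rec['Age']}: token does not verify")
        elif covered not in known:
            findings.append(f"ledger 52 Age {rec['Age']}: token covers a hash in neither ledger")
        known.add(rec["HV"])  # later tokens may cover this record (third request)
    if anchor_hv not in {r["HV"] for r in ledger52}:
        findings.append("anchor hash not found in ledger 52")
    return findings


def build_demo():
    """Constructed sample data: two updates of k1, three time stamp records in k2."""
    l51, l52 = [], []
    append(l51, "k1", sha("component data v1"), 1)
    append(l52, "k2", issue_token(l51[-1]["HV"], "2022-10-25T00:00:00Z"), 2)
    append(l51, "k1", sha("component data v2"), 3)
    append(l52, "k2", issue_token(l51[-1]["HV"], "2022-10-26T00:00:00Z"), 4)
    append(l52, "k2", issue_token(l52[-1]["HV"], "2022-10-27T00:00:00Z"), 5)
    return l51, l52, l52[-1]["HV"]  # last value plays the hash held by external server 9


def simulate_rehashed_edit(ledger, index, new_obj_hv):
    """Test helper: edit one record, then recompute every later link so the chain still verifies."""
    forged = [dict(r) for r in ledger]
    forged[index]["Obj-HV"] = new_obj_hv
    for i in range(index, len(forged)):
        forged[i]["Prev-HV"] = forged[i - 1]["HV"] if i else ""
        forged[i]["HV"] = record_hash(forged[i])
    return forged


if __name__ == "__main__":
    l51, l52, anchor = build_demo()
    print(audit(l51, l52, anchor))
    print(audit(simulate_rehashed_edit(l51, 0, sha("edited")), l52, anchor))
    print(audit(l51, l52[:2], anchor))
```

A ledger 51 that has been edited and fully re-hashed still passes `chain_ok` on its own; it is the time stamp tokens in ledger 52 that expose the change, and the externally held hash that exposes removal of records from ledger 52.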

US17/972,977 2021-09-22 2022-10-25 Data management apparatus and data management method Pending US20230153036A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2021-154131 2021-09-22
JP2021154131A JP2023045607A (ja) 2021-09-22 2021-09-22 Data management apparatus and data management method

Publications (1)

Publication Number Publication Date
US20230153036A1 (en) 2023-05-18

Family

ID=85776501

Family Applications (1)

Application Number Title Priority Date Filing Date
US17/972,977 Pending US20230153036A1 (en) 2021-09-22 2022-10-25 Data management apparatus and data management method

Country Status (2)

Country Link
US (1) US20230153036A1 (ja)
JP (1) JP2023045607A (ja)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180225640A1 (en) * 2017-02-06 2018-08-09 Northern Trust Corporation Systems and methods for issuing and tracking digital tokens within distributed network nodes
US20210334802A1 (en) * 2020-04-22 2021-10-28 Alipay (Hangzhou) Information Technology Co., Ltd. Managing transaction requests in ledger systems
US11632293B2 (en) * 2019-01-23 2023-04-18 Scalar, Inc. Tamper-evidence processing by comparing updated objects or by comparing summaries thereof

Also Published As

Publication number Publication date
JP2023045607A (ja) 2023-04-03

Legal Events

Date Code Title Description
AS Assignment

Owner name: SCALAR, INC., JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:YAMAMURO, NAOKI;FUKATSU, WATARU;SIGNING DATES FROM 20221214 TO 20221220;REEL/FRAME:062250/0352

Owner name: TOYOTA JIDOSHA KABUSHIKI KAISHA, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:YAMAMURO, NAOKI;FUKATSU, WATARU;SIGNING DATES FROM 20221214 TO 20221220;REEL/FRAME:062250/0352

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER